[Openswan Users] virtual_private exclude question

Mike James mike.james at clutch.com
Fri Jan 17 14:05:22 EST 2014


I searched but didn’t see any answer or explanation of this. In my xl2tpd config for remote workers, I’ve used a different subnet to hand out IPs. Do I have to exclude that subnet in the virtual_private declaration in ipsec.conf?

/etc/xl2tpd/xl2tpd.conf

[global]
   ipsec saref = no
   listen-addr = 192.168.1.250

[lns default]
   ip range = 192.168.140.2-192.168.140.254
   local ip = 192.168.140.1
   refuse chap = yes
   refuse pap = yes
   require authentication = yes
   ppp debug = yes
   pppoptfile = /etc/ppp/options
   length bit = yes

Should virtual_private exclude both 192.168.1.0/24 and 192.168.140.0/24?

virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10,%v4:!192.168.1.0/24,%v4:!192.168.30.0/24
--


Michael James
Sr. Network Engineer
267-419-6400, x204
mike.james at clutch.com
The Premiere loyalty, rewards, and gifting platform
for consumer-focused brands and retailers.
